Hello, On 03/15/18 13:39, Steve Gilberd wrote: >> Allowed IPs is like a routing table; you can't have two routes for the same > set of IPs > > If this is the case, then wireguard does not have proper routing support. > > Normally, routing tables allow both multiple and overlapping routes present. > When making routing decisions, the most-specific route is chosen (e.g. a /29 > is > higher priority than a /24 which overlaps with it). If there are two identical > routes of the same size, then the one with the lowest routing metric is used. > > I can understand not allowing identical routes of the same size, as wireguard > doesn't really have a concept of metric (although it could be useful for > backup > links). However, it really should allow overlapping routes of different sizes. > There's no ambiguity with routing decisions, and it's a standard feature that > I > would normally expect any IP routing stack to have.
WireGuard *does* support overlapping ranges of AllowedIPs on different peers. It doesn't support having *identical* ranges of AllowedIPs on different peers, which was the situation here. (You're correct, there's no concept of a metric.) > Cheers, > Steve Cheers, Samuel _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard